UEM Group Berhad Mobile Device Policy

Mobile Device Policy

 UEM Group Berhad Mobile Device Policy

Intellectual Property Notice

All information disclosed whether in writing or orally, if classified confidential or proprietary by UEM
Group Berhad (UEM) at the time of disclosure, shall be deemed proprietary and shall be held in confidence
(using at least the same degree of care that the recipient uses to protect its own confidential information
of similar nature and value) by the Parties for 5 years or such earlier date when the information becomes
publicly available, disclosed by an independent party without any obligations of confidentiality, is
developed independently at any time by any party, or is required to be disclosed by operation of law.

None of the parties shall have any rights to UEMs proprietary rights. Such information includes financial
and other business information, ideas and know-how, software and technology.

The above confidentiality and rights terms and conditions will be governed by the laws of Malaysia.

No person has been authorized by UEM to provide any information or make any representations not
contained in this document. Any use the reader makes of this policy, or any reliance upon or decisions to
be made based upon this policy are the responsibility of the reader. UEM does not accept any
responsibility for damages, if any, suffered by the reader based upon this document.

2
 UEM Group Berhad Mobile Device Policy

Document Description

Process Ref. No. UEM/GICT/POL/2016/Mobile

Process Title Mobile Device Policy
Version No.: P20160601 V01.00 Version Date: 1 June 2016
UEM Group Berhad
Effective date: 1 June 2016 Document Owner:
(Group ICT)
Applicable To: All Staff Copies To: All Staff, MDs/CEOs, BOD
Review Frequency: Yearly

Document Version History

Version Short Description of Version Author Reviewed Approved

Number Major Changes Date Name By By
01.00 Initial Document 1-6-16 Bernie Lee GICT, GHC GMD/CEO

3
 UEM Group Berhad Mobile Device Policy

Contents
1 Purpose ................................................................................................................................................ 5
2 Audience .............................................................................................................................................. 5
3 Definition ............................................................................................................................................. 5
4 Usage Guidelines.................................................................................................................................. 6
5 Devices and Support ............................................................................................................................ 7
6 Security ................................................................................................................................................ 7
7 Risks and Liabilities .............................................................................................................................. 8
8 Rights.................................................................................................................................................... 8
9 Terms of Service ................................................................................................................................... 9
10 Exception.............................................................................................................................................. 9
11 Implication ........................................................................................................................................... 9
12 Review .................................................................................................................................................. 9

4
 UEM Group Berhad Mobile Device Policy

1 Purpose

1.1 This policy describes the guidelines adopted by UEM and its Group of Companies (herein
known as the Company or UEM) in regards to the acceptable use of official company
issued and personal mobile devices using UEMs network, applications and all UEM
technology infrastructure.

1.2 This policy is to protect the security and integrity of UEMs data and technology
infrastructure.

1.3 This policy takes into effect as an expansion in specific areas of:
UEM Group ICT General Governance Policy
UEM Group ICT Security Policy
UEM Group Social Media Policy
Employee Handbook and Code of Conduct
Personal Data Protection Act 2010 (Law of Malaysia, Act 709)
All other Company policies, guidelines, standards, rules and regulations
All appropriate state and federal laws and regulation

1.4 Strict compliance to the policy is mandatory.

2 Audience

2.1 This policy applies to the Company and its Board of Directors, permanent employees,
contract employees, temporary employees (e.g. interns/trainees, SL1M, YES, etc.) and
external guests to UEM technology infrastructure. Strict compliance to the policy is
mandatory.

3 Definition

3.1 Mobile Device is a small computing device, typically small enough to be handheld, having a
display screen with touch input and/or a miniature keyboard. It has an operating system
(OS) and can run various types of application software, known as apps. Most Mobile Devices
can also be equipped with Wi-Fi, Bluetooth, Near Field Communication (NFC) and Global
Positioning System (GPS) capabilities that can allow connections to the Internet and other
devices. A camera or media player feature for video or music files can also be typically found
on these devices. Mobile Devices also may provide biometric user authentication, such as
using the built-in camera for face recognition or using a fingerprint sensor for fingerprint
recognition.1

3.2 Mobile Devices in this policy are defined as laptops, notebooks, ultrabooks, tablets,
smartphones and other devices with the similar specifications and usage.

1 Excerpt from Wikipedia (https://en.wikipedia.org/wiki/Mobile_device)

5
 UEM Group Berhad Mobile Device Policy

3.3 Authorised Users includes the Board of Directors, permanent employees, contract
employees, temporary employees and external guests of the Company whom have been
authorized to have access to UEM technology infrastructure.

3.4 Certain guidelines contained in this policy will be applicable to employees of the Company
only.

3.5 Unapproved Applications refer to third party applications that have not been authorized
by UEM and no support will be provided.

4 Usage Guidelines

4.1 UEM grants its Authorised Users the privilege of using Mobile Devices of their choosing at
work, for productivity and convenience purposes. In doing so, UEM Authorised Users must
agree to adhere to this policy when using UEMs network, applications and technology
infrastructure. UEM reserves the right to revoke this privilege if the employee does not
abide by the policies and procedures outlined below:

4.1.1 The Company defines acceptable use as activities that directly or indirectly support
the business of UEM.

4.1.2 The Company defines acceptable personal use on Company time as reasonable
and limited personal communication.

4.1.3 Employees are blocked from accessing certain websites during work hours while
connected to the corporate network at the discretion of the Company. Accessing
websites that is related to social media is governed by the guidelines in UEM Social
Media Policy.

4.1.4 Mobile Devices are allowed to connect to UEMs network, applications and
technology infrastructure but may not be used for the following (includes but not
limited to):
4.1.4.1 Store or transmit illicit materials
4.1.4.2 Harass others
4.1.4.3 Engage in outside business activities
4.1.4.4 Engage in illegal activities
4.1.4.5 Engage in activities that Company may deem as inappropriate or
irregular or not in compliance with the business activities

4.2 UEM respects the privacy of the owner of the personal Mobile Device and will only request
access to the device by ICT support personnel to implement security controls or to respond
to legitimate discovery requests.

6
 UEM Group Berhad Mobile Device Policy

5 Devices and Support

5.1 Only Mobile Devices running Apple iOS, Blackberry OS, Google Android or Microsoft
Windows operating systems are supported in UEMs network.

5.2 Official technical support by the UEM Group ICT is provided up to Apple iOS9.x, Blackberry
OS 10.x, Google Android 5.x, Windows 10 for company issued devices only. Other versions
and operating systems may be supported on best effort basis.

5.3 Personal owned Mobile Devices will not be supported by UEM Group ICT, however, a
document on Frequently Asked Questions (FAQ) will be available to Authorised Users who
wish to use their device to access UEMs network, applications and technology
infrastructure. For UEM applications support, UEM Group ICT will channel the inquiries and
issues logged where applicable to the application vendor as per the support agreement for
the application.

5.4 Connectivity issues pertaining to the corporate network are supported by UEM Group ICT
for company issued Mobile Devices only. However, Authorised Users should contact the
Company or device manufacturer or their carrier for hardware-related issues or
connectivity to the mobile carrier.

5.5 Company issued Mobile Devices may be presented to UEM Group ICT for proper job
provisioning and configuration of standard apps, such as browsers, office productivity
software and security tools, prior to accessing the UEM network.

6 Security

6.1 In order to prevent unauthorized access, devices must be pattern, password or passcode
protected using the features of the device.

6.2 Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from accessing UEM
network, application and technology infrastructure. This is due to obvious reason whereby
these devices are easily compromised without notice.

6.3 Authorised Users who are assigned Company issued Mobile Devices are prevented from
downloading, installing and using any unapproved applications, software, technology
infrastructures.

6.4 Authorised Users access to Company data and network is limited based on user profiles
defined and is automatically enforced.

6.5 The Company may implement the Mobile Device Management (MDM) capabilities into the
network in near future, and all Mobile Devices has to abide by this framework for an
increased protection to Company and personal data.

7
 UEM Group Berhad Mobile Device Policy

7 Risks and Liabilities

7.1 Mobile Devices must only install software applications from approved sources eg. Apple
App Store, BlackBerry World, Google Play, Microsoft Store, or other trusted
sources/websites. Installation of applications on Mobile Devices from untrusted sources is
strictly forbidden.

7.2 It is the employees responsibility to take additional precautions, such as backing up email,
contacts, media, files etc.

7.3 The Company reserves the right to disconnect Mobile Devices or disable services without
notification.

7.4 Lost or stolen official company issued devices must be reported to the Company within 24
hours.

7.5 If an employee suspects an unauthorized access to Companys data via a Mobile Device has
occurred, the employee must report the incident to UEM Group ICT in alignment with UEM
incident handling process.

7.6 The employee is expected to use his or her devices in an ethical manner at all times and
adhere to the Companys acceptable use policy as outlined in this document.

7.7 The employee assumes full liability for risks including, but not limited to, the partial or
complete loss of Company and personal data due to an operating system crash, errors, bugs,
viruses, malware, and/or other software or hardware failures, or programming errors that
render the device unusable.

7.8 UEM reserves the right to take appropriate disciplinary action up to and including
termination of employment or legal actions for non-compliance with this policy.

8 Rights

8.1 The Company reserves the right to review the employee use of Company-provided network
and internet resources, including social media activities.

8.2 Authorised Users should have no expectation of privacy for Internet usage via Mobile
Devices via the UEM corporate network. All activities are captured for transparency and
security reasons.

8.3 The Company reserves the right to take disciplinary action as deemed appropriate to any
violations of the requirements on this policy and policies stated in Section 1.3.

8
 UEM Group Berhad Mobile Device Policy

9 Terms of Service

9.1 Authorised Users are responsible to read, understand and comply with the Terms of
Services (if any) of Mobile Devices used. However, in the event that the Terms of Services
contradicts any laws, regulations and guideline observed by the Company, the employee is
responsible to bring the matter to the Managements attention.

10 Exception

10.1 Exceptional requirements against the policy may be accepted subject to the approval of the
Company. Such approval must be made in writing and auditable records must be
maintained.

11 Implication

11.1 Violation of the policy and rules may result in serious consequences affecting an individuals
employment such as disciplinary action, up to and including dismissal.

11.2 Violation of the policy and rules by members of the Board or external users such as guests
to UEM network, application and technology infrastructure may result in legal actions by
UEM.

12 Review
12.1 The Company reserves the right to modify or review this policy at any time. Changes to this
policy are deemed to be communicated to all Authorised Users of UEM network, application
and technology infrastructure.

END OF DOCUMENT